Next time you install an app on your phone, you’d best think twice if it asks permission to access your photos.
As The Guardian reports, following a tweet from security researcher Nik Cubrilovic, the very same hackers who merrily collected naked photos of more than 100 female celebrities, including Oscar-winning actress Jennifer Lawrence, had plotted a variety of dirty tricks to increase their haul.
At least one hacker openly posted on the AnonIB image board, proposing what he called a “genious” idea:
I have developed a flappybird clone. Hear me out. I.. modded.. the app.
It now secretly downloads all of the phone’s pictures to my server when the game is running.
Such a scheme, if put into operation, would not just be a risk for celebrities of course. Anybody who had photographs on their smartphone which they wanted to remain private would be at risk if they installed the app.
The only good news is that the hacker posting on AnonIB’s sleazy image-sharing board doesn’t want to risk his developer account.
The problem is this – it’s a violation of google play developers license to publish sneaky apps like that, and I REFUSE to risk my license over it.
HOWEVER, I am willing to make a second developer account with the purpose of getting wins from this game. The fee is 20$ for a developer license.
If any kind anons want to help me get the thing paid for, I will post any wins obtained in this thread. (I will link the app’s store entry here. You get the girls to download it and play ONCE, and you’ll get all the win you wanted, if it was there.)
What a charming fellow… I’m sure his mother is proud of him.
The real Flappy Bird game, written by Dong Nguyen, has been one of the most popular apps of the year – its addictive, tough gameplay and retro graphics managing to both frustrate and charm in equal measure. Scores of copycat rip-offs of the game exist in the Android Google Play store, and although it’s not known if the hacker’s plan was ever put into action, it’s certainly plausible that it would work.
The problem is, of course, twofold: Google doesn’t police its app store anything like as strongly as Apple, and users are all too willing to grant their Android apps permission to access all manner of parts of their smartphone without questioning whether it’s appropriate for a game to – say – send SMS messages or (in this scenario) access their photographs.
Don’t forget, always be careful about what apps you put on your mobile phone, and take special care over the permissions that they request. If you don’t want to grant an app access, don’t install it.
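The permission check recommended above, as an added example that is not part of the original article: it parses the permission list printed by `aapt dump permissions` and flags a game that can both read photos and reach the network. The two sample dumps, the package names and the per-category policy are constructed assumptions.

```python
import re

# Matches both line styles printed by `aapt dump permissions`:
#   uses-permission: name='android.permission.INTERNET'
#   uses-permission: android.permission.INTERNET
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)", re.M)

# Permissions that expose the photo library (the second one is Android 13+).
PHOTO_ACCESS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
}
NETWORK = "android.permission.INTERNET"

# Hypothetical reviewer policy (an assumption, not a Google rule):
# permissions a given app category has no obvious need for.
UNEXPECTED = {
    "game": PHOTO_ACCESS | {"android.permission.SEND_SMS",
                            "android.permission.READ_CONTACTS"},
}

def parse_permissions(aapt_output):
    """Return the set of permission names declared in an aapt dump."""
    return set(PERM_RE.findall(aapt_output))

def audit(aapt_output, category):
    """List (kind, detail) findings for an app of the given category."""
    perms = parse_permissions(aapt_output)
    findings = [("unexpected", p)
                for p in sorted(perms & UNEXPECTED.get(category, set()))]
    # INTERNET alone is normal for ad-funded games; the risk is the pairing.
    if NETWORK in perms and perms & PHOTO_ACCESS:
        findings.append(("exfil-capable", "photo access + INTERNET"))
    return findings

# Constructed sample dumps, not taken from any real app.
SAMPLE_CLONE = """\
package: com.example.flappyclone
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
"""
SAMPLE_CLEAN = """\
package: com.example.offlinegame
uses-permission: android.permission.VIBRATE
"""

if __name__ == "__main__":
    for name, dump in (("clone", SAMPLE_CLONE), ("clean", SAMPLE_CLEAN)):
        print(name, audit(dump, "game") or "no findings")
```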
Sneaky, but of course he risks that someone will question why the game needs Internet access and access to the photos.
A much better way would be a clone of Snapchat – add some funky feature to attract users, and you can steal as many pictures as you like, because sending pictures to a server is the core function of the app. What the server then does with the pictures is something neither the user nor Google can even check, let alone control.
I really don’t know why Android doesn’t let you remove selected permissions from apps if you feel they are not necessary for the functionality.